PaperMC 1.20.2 java.security.SignatureException: Signature length not correct: got 1 but was expecting 512

[anthonywww]

Server console throwing an error when trying to login:

[00:12:24 INFO]: UUID of player _daemon_process is 42385598-4714-42f0-bc3f-b8f7800fde10
[00:12:24 INFO]: _daemon_process joined the game
[00:12:24 INFO]: _daemon_process[/127.0.0.1:51636] logged in with entity id 380 at ([world]-1.5, 69.0, -7.5)
[00:12:24 ERROR]: Failed to verify Services signature
java.security.SignatureException: Signature length not correct: got 1 but was expecting 512
    at sun.security.rsa.RSASignature.engineVerify(RSASignature.java:213) ~[?:?]
    at java.security.Signature$Delegate.engineVerify(Signature.java:1435) ~[?:?]
    at java.security.Signature.verify(Signature.java:789) ~[?:?]
    at net.minecraft.util.SignatureValidator.verifySignature(SignatureValidator.java:30) ~[paper-1.20.2.jar:git-Paper-318]
    at net.minecraft.util.SignatureValidator.lambda$from$3(SignatureValidator.java:54) ~[paper-1.20.2.jar:git-Paper-318]
    at java.util.stream.MatchOps$1MatchSink.accept(MatchOps.java:90) ~[?:?]
    at java.util.AbstractList$RandomAccessSpliterator.tryAdvance(AbstractList.java:706) ~[?:?]
    at java.util.stream.ReferencePipeline.forEachWithCancel(ReferencePipeline.java:129) ~[?:?]
    at java.util.stream.AbstractPipeline.copyIntoWithCancel(AbstractPipeline.java:527) ~[?:?]
    at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:513) ~[?:?]
    at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:499) ~[?:?]
    at java.util.stream.MatchOps$MatchOp.evaluateSequential(MatchOps.java:230) ~[?:?]
    at java.util.stream.MatchOps$MatchOp.evaluateSequential(MatchOps.java:196) ~[?:?]
    at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234) ~[?:?]
    at java.util.stream.ReferencePipeline.anyMatch(ReferencePipeline.java:632) ~[?:?]
    at net.minecraft.util.SignatureValidator.from(SignatureValidator.java:50) ~[paper-1.20.2.jar:git-Paper-318]
    at net.minecraft.util.SignatureValidator.validate(SignatureValidator.java:23) ~[paper-1.20.2.jar:git-Paper-318]
    at net.minecraft.world.entity.player.ProfilePublicKey$Data.validateSignature(ProfilePublicKey.java:54) ~[?:?]
    at net.minecraft.world.entity.player.ProfilePublicKey.createValidated(ProfilePublicKey.java:26) ~[paper-1.20.2.jar:git-Paper-318]
    at net.minecraft.network.chat.RemoteChatSession$Data.validate(RemoteChatSession.java:40) ~[?:?]
    at net.minecraft.server.network.ServerGamePacketListenerImpl.handleChatSessionUpdate(ServerGamePacketListenerImpl.java:3458) ~[?:?]
    at net.minecraft.network.protocol.game.ServerboundChatSessionUpdatePacket.handle(ServerboundChatSessionUpdatePacket.java:19) ~[paper-1.20.2.jar:git-Paper-318]
    at net.minecraft.network.protocol.game.ServerboundChatSessionUpdatePacket.a(ServerboundChatSessionUpdatePacket.java:9) ~[paper-1.20.2.jar:git-Paper-318]
    at net.minecraft.network.protocol.PacketUtils.lambda$ensureRunningOnSameThread$0(PacketUtils.java:53) ~[?:?]
    at net.minecraft.server.TickTask.run(TickTask.java:18) ~[paper-1.20.2.jar:git-Paper-318]
    at net.minecraft.util.thread.BlockableEventLoop.doRunTask(BlockableEventLoop.java:153) ~[?:?]
    at net.minecraft.util.thread.ReentrantBlockableEventLoop.doRunTask(ReentrantBlockableEventLoop.java:24) ~[?:?]
    at net.minecraft.server.MinecraftServer.doRunTask(MinecraftServer.java:1324) ~[paper-1.20.2.jar:git-Paper-318]
    at net.minecraft.server.MinecraftServer.d(MinecraftServer.java:193) ~[paper-1.20.2.jar:git-Paper-318]
    at net.minecraft.util.thread.BlockableEventLoop.pollTask(BlockableEventLoop.java:126) ~[?:?]
    at net.minecraft.server.MinecraftServer.pollTaskInternal(MinecraftServer.java:1301) ~[paper-1.20.2.jar:git-Paper-318]
    at net.minecraft.server.MinecraftServer.pollTask(MinecraftServer.java:1294) ~[paper-1.20.2.jar:git-Paper-318]
    at net.minecraft.util.thread.BlockableEventLoop.managedBlock(BlockableEventLoop.java:136) ~[?:?]
    at net.minecraft.server.MinecraftServer.waitUntilNextTick(MinecraftServer.java:1272) ~[paper-1.20.2.jar:git-Paper-318]
    at net.minecraft.server.MinecraftServer.runServer(MinecraftServer.java:1160) ~[paper-1.20.2.jar:git-Paper-318]
    at net.minecraft.server.MinecraftServer.lambda$spin$0(MinecraftServer.java:315) ~[paper-1.20.2.jar:git-Paper-318]
    at java.lang.Thread.run(Thread.java:833) ~[?:?]
[00:12:24 INFO]: _daemon_process lost connection: Invalid signature for profile public key.
Try restarting your game.
[00:12:24 INFO]: _daemon_process left the game

[DecDuck]

What are you using to load the authentication server?

[evan-goode]

Thanks for the bug report.

• What is the value of enforce-secure-profile in your server.properties?
• What is the value of SignPublicKeys in your Drasl config.toml? (default is True)
• Are you using authlib-injector (via PollyMC or some other launcher) on the client? On the server?
• Do you get the same error with a vanilla server jar? I doubt Paper makes any changes here, but might as well be sure.

[anthonywww]

Hi,

I tested this with all combinations of enforce-secure-profile and SignPublicKeys both being true, both false, first true, second false, etc. they all show the same error. I also refreshed my session token each time before testing again (re-launching) just to make sure via HMCL's "refresh" button.

• Client: I am using the HMCL with authlib-injector built-in pointing to my drasl instance.
• Server: I am using Paper 1.20.2 Build #318 with the following JVM flags.

java -Xms4096m -Xmx4096m \
    -Dminecraft.api.env=custom \
    -Dminecraft.api.auth.host=https://<redacted>/auth \
    -Dminecraft.api.account.host=https://<redacted>/account \
    -Dminecraft.api.session.host=https://<redacted>/session \
    -Dminecraft.api.services.host=https://<redacted>/services \
    -jar paper-1.20.2-318.jar nogui

Note:

• I tested 1.18.2 and it works without issue.
• I have not tried with 1.12.x 1.16.x, 1.17.x, 1.19.x or 1.20.4 yet.
• If it helps, I can see about getting packet captures, though the process looks pretty much the same according to https://wiki.vg

Vanilla 1.20.2 server logs

Unpacking 1.20.2/server-1.20.2.jar (versions:1.20.2) to versions/1.20.2/server-1.20.2.jar
Starting net.minecraft.server.Main
[17:39:28] [ServerMain/INFO]: Environment: Environment[accountsHost=https://<redacted>/account, sessionHost=https://<redacted>/session, servicesHost=https://<redacted>/services, name=properties]
[17:39:29] [ServerMain/INFO]: Loaded 7 recipes
[17:39:29] [ServerMain/INFO]: Loaded 1271 advancements
[17:39:30] [Server thread/INFO]: Starting minecraft server version 1.20.2
[17:39:30] [Server thread/INFO]: Loading properties
[17:39:30] [Server thread/INFO]: Default game type: SURVIVAL
[17:39:30] [Server thread/INFO]: Generating keypair
[17:39:30] [Server thread/INFO]: Starting Minecraft server on *:25565
[17:39:30] [Server thread/INFO]: Using epoll channel type
[17:39:30] [Server thread/INFO]: Preparing level "world"
[17:39:31] [Server thread/INFO]: Preparing start region for dimension minecraft:overworld
[17:39:34] [Worker-Main-24/INFO]: Preparing spawn area: 0%
[17:39:34] [Worker-Main-23/INFO]: Preparing spawn area: 0%
[17:39:34] [Worker-Main-23/INFO]: Preparing spawn area: 0%
[17:39:34] [Worker-Main-23/INFO]: Preparing spawn area: 0%
[17:39:34] [Worker-Main-11/INFO]: Preparing spawn area: 0%
[17:39:34] [Worker-Main-11/INFO]: Preparing spawn area: 0%
[17:39:34] [Worker-Main-11/INFO]: Preparing spawn area: 0%
[17:39:34] [Worker-Main-11/INFO]: Preparing spawn area: 0%
[17:39:35] [Worker-Main-21/INFO]: Preparing spawn area: 39%
[17:39:35] [Server thread/INFO]: Time elapsed: 4377 ms
[17:39:35] [Server thread/INFO]: Done (4.909s)! For help, type "help"
[17:39:49] [User Authenticator #1/INFO]: UUID of player _daemon_process is 42385598-4714-42f0-bc3f-b8f7800fde10
[17:39:49] [Server thread/INFO]: _daemon_process[/<redacted>:58269] logged in with entity id 163 at (-2086.699866821026, 128.0, -506.1380806270861)
[17:39:49] [Server thread/INFO]: _daemon_process joined the game
[17:39:50] [Server thread/ERROR]: Failed to verify Services signature
java.security.SignatureException: Signature length not correct: got 1 but was expecting 512
    at sun.security.rsa.RSASignature.engineVerify(RSASignature.java:213) ~[?:?]
    at java.security.Signature$Delegate.engineVerify(Signature.java:1435) ~[?:?]
    at java.security.Signature.verify(Signature.java:789) ~[?:?]
    at ash.a(SourceFile:28) ~[server-1.20.2.jar:?]
    at ash.a(SourceFile:53) ~[server-1.20.2.jar:?]
    at java.util.stream.MatchOps$1MatchSink.accept(MatchOps.java:90) ~[?:?]
    at java.util.AbstractList$RandomAccessSpliterator.tryAdvance(AbstractList.java:706) ~[?:?]
    at java.util.stream.ReferencePipeline.forEachWithCancel(ReferencePipeline.java:129) ~[?:?]
    at java.util.stream.AbstractPipeline.copyIntoWithCancel(AbstractPipeline.java:527) ~[?:?]
    at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:513) ~[?:?]
    at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:499) ~[?:?]
    at java.util.stream.MatchOps$MatchOp.evaluateSequential(MatchOps.java:230) ~[?:?]
    at java.util.stream.MatchOps$MatchOp.evaluateSequential(MatchOps.java:196) ~[?:?]
    at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234) ~[?:?]
    at java.util.stream.ReferencePipeline.anyMatch(ReferencePipeline.java:632) ~[?:?]
    at ash.a(SourceFile:50) ~[server-1.20.2.jar:?]
    at ash.a(SourceFile:23) ~[server-1.20.2.jar:?]
    at cbx$a.a(SourceFile:74) ~[server-1.20.2.jar:?]
    at cbx.a(SourceFile:30) ~[server-1.20.2.jar:?]
    at ub$a.a(SourceFile:42) ~[server-1.20.2.jar:?]
    at alp.a(SourceFile:1809) ~[server-1.20.2.jar:?]
    at abl.a(SourceFile:19) ~[server-1.20.2.jar:?]
    at abl.a(SourceFile:7) ~[server-1.20.2.jar:?]
    at vf.a(SourceFile:23) ~[server-1.20.2.jar:?]
    at afp.run(SourceFile:18) ~[server-1.20.2.jar:?]
    at bfo.d(SourceFile:156) ~[server-1.20.2.jar:?]
    at bfs.d(SourceFile:23) ~[server-1.20.2.jar:?]
    at net.minecraft.server.MinecraftServer.b(SourceFile:778) ~[server-1.20.2.jar:?]
    at net.minecraft.server.MinecraftServer.d(SourceFile:163) ~[server-1.20.2.jar:?]
    at bfo.x(SourceFile:130) ~[server-1.20.2.jar:?]
    at net.minecraft.server.MinecraftServer.bg(SourceFile:760) ~[server-1.20.2.jar:?]
    at net.minecraft.server.MinecraftServer.x(SourceFile:754) ~[server-1.20.2.jar:?]
    at bfo.bp(SourceFile:115) ~[server-1.20.2.jar:?]
    at net.minecraft.server.MinecraftServer.u_(SourceFile:738) ~[server-1.20.2.jar:?]
    at net.minecraft.server.MinecraftServer.w(SourceFile:671) ~[server-1.20.2.jar:?]
    at net.minecraft.server.MinecraftServer.a(SourceFile:263) ~[server-1.20.2.jar:?]
    at java.lang.Thread.run(Thread.java:833) ~[?:?]
[17:39:50] [Server thread/ERROR]: Failed to validate profile key: Invalid signature for profile public key.
Try restarting your game.
[17:39:50] [Server thread/INFO]: _daemon_process lost connection: Invalid signature for profile public key.
Try restarting your game.
[17:39:50] [Server thread/INFO]: _daemon_process left the game

Drasl logs

[
  {
    "time": "2023-12-20T01:49:21.343477794Z",
    "id": "",
    "remote_ip": "<redacted>",
    "host": "<redacted>",
    "method": "GET",
    "uri": "/authlib-injector/sessionserver/session/minecraft/profile/42385598471442f0bc3fb8f7800fde10",
    "user_agent": "HMCL/3.5.5 Java/20.0.1",
    "status": 200,
    "error": "",
    "latency": 406046,
    "latency_human": "406.046µs",
    "bytes_in": 0,
    "bytes_out": 669
  },
  {
    "time": "2023-12-20T01:49:21.352880919Z",
    "id": "",
    "remote_ip": "<redacted>",
    "host": "<redacted>",
    "method": "GET",
    "uri": "/authlib-injector/",
    "user_agent": "HMCL/3.5.5 Java/20.0.1",
    "status": 200,
    "error": "",
    "latency": 39570,
    "latency_human": "39.57µs",
    "bytes_in": 0,
    "bytes_out": 1940
  },
  {
    "time": "2023-12-20T01:49:21.356589214Z",
    "id": "",
    "remote_ip": "<redacted>",
    "host": "<redacted>",
    "method": "POST",
    "uri": "/authlib-injector/authserver/validate",
    "user_agent": "HMCL/3.5.5 Java/20.0.1",
    "status": 204,
    "error": "",
    "latency": 963748,
    "latency_human": "963.748µs",
    "bytes_in": 952,
    "bytes_out": 0
  },
  {
    "time": "2023-12-20T01:39:29.059301478Z",
    "id": "",
    "remote_ip": "<redacted>",
    "host": "<redacted>",
    "method": "GET",
    "uri": "/services/publickeys",
    "user_agent": "Java/17.0.8",
    "status": 200,
    "error": "",
    "latency": 36761,
    "latency_human": "36.761µs",
    "bytes_in": 0,
    "bytes_out": 1557
  },
  {
    "time": "2023-12-20T01:39:48.905488925Z",
    "id": "",
    "remote_ip": "<redacted>",
    "host": "<redacted>",
    "method": "POST",
    "uri": "/authlib-injector/sessionserver/session/minecraft/join",
    "user_agent": "Java/20.0.1",
    "status": 204,
    "error": "",
    "latency": 26549035,
    "latency_human": "26.549035ms",
    "bytes_in": 1011,
    "bytes_out": 0
  },
  {
    "time": "2023-12-20T01:39:49.090769564Z",
    "id": "",
    "remote_ip": "<redacted>",
    "host": "<redacted>",
    "method": "GET",
    "uri": "/session/session/minecraft/hasJoined?serverId=-5bb92e286f9b69ba309ef7727e73993658a04d64&username=_daemon_process",
    "user_agent": "Java/17.0.8",
    "status": 200,
    "error": "",
    "latency": 13123503,
    "latency_human": "13.123503ms",
    "bytes_in": 0,
    "bytes_out": 1368
  }
]

[evan-goode]

Thanks for the details, I can reproduce this with HMCL but not PollyMC. Gonna try to debug.

[evan-goode]

@anthonywww would you mind trying the fix in https://github.com/unmojang/drasl/pull/42?

[anthonywww]

Pulled branch https://github.com/unmojang/drasl/tree/fix-hmcl and it works on 1.20.2. Thanks!

[evan-goode]

Great, fixed in v1.0.2.